1391 matches found
[SECURITY] Fedora 40 Update: mod_http2-2.0.29-1.fc40
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...
Medium: ecs-init
Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...
qt5-qtbase security update
5.15.3-8 - HTTP2: Delay any communication until encrypted can be responded to Resolves: RHEL-46340...
qt5-qtbase security update
5.15.9-10 - HTTP2: Delay any communication until encrypted can be responded to Resolves: RHEL-46348...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.45 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
Security advisory: Recently discovered HTTP2 handling issue impacts Qt
Whenever a TLS connection is started for a server that supports HTTP2 and has sent some data to the application then Qt will send data to the server even if the TLS certificate does not match the address it has been redirected too. This has been assigned the CVE id CVE-2024-39936. This is known t...
Important: Red Hat Security Advisory: git-lfs security update
An update for git-lfs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 8 : git-lfs (RHSA-2024:4545)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4545 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
RHEL 8 : git-lfs (RHSA-2024:4546)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4546 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...
UBUNTU-CVE-2024-38535
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...
CVE-2024-38535 Suricata http2: oom from duplicate headers
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6...
Low: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.10.4 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.10.4 General Availability release images, which apply security fixes and fix bugs. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
SUSE CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...
CVE-2024-39936
A vulnerability was found in Qt where, during a TLS connection for servers supporting HTTP2, Qt may send data to a server even if the TLS certificate doesn't match the redirected address. This occurs because Qt fails to validate the certificate against the redirected address, potentially sending...
CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...
CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...
CVE-2024-39936
CVE-2024-39936 describes a race in Qt’s HTTP/2 handling where code making security decisions on an established connection can execute before the encrypted() signal is emitted. Affected are Qt base/runtime builds for multiple series (Qt 5.15.x, 6.x up to 6.7.x, prior to respective patch levels). T...
CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...
CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...
CVE-2024-39936
An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...